HackMag – Page 10 – Security, malware, coding, devops

Malware under surveillance. Sandboxes and how to detect them

Boris Razor & Alex Mess

One of the ways to detect malware is to run it in a sandbox, i.e. in an isolated environment where you can monitor the program’s behavior. In this article, we will explain how sandboxes work and examine techniques allowing malicious programs to evade detection (including methods not covered in specialized literature and Internet blogs).

Read full article →

Security hole in BIG-IP. Exploiting a new vulnerability in F5 products

Written by aLLy

In July 2020, a severe vulnerability was identified in the F5 product line. The bug affects inter alia BIG-IP, an application delivery controller used by many major companies, including banks and mobile operators. The vulnerability received the highest severity index because it allows unprivileged attackers to gain full control over the target system.

Read full article →

How to reinstall Windows remotely

Written by Hackcat

Remote work is the main trend of this year. It suddenly turned out that many things can be done more efficiently from home than sitting in the office. In my humble opinion, such a standard operation as OS reinstallation can be performed remotely as well. Today, I will show how to do this.

Read full article →

Holes in the hole. Vulnerabilities in Pi-hole allow to seize control over Raspberry Pi

Written by aLLy

Three severe vulnerabilities have been recently discovered in Pi-hole, a popular app that blocks advertisement and unwanted scripts. Two of these vulnerabilities result in remote command execution, while the third one allows to escalate your privileges to root. Let’s examine the origin of these bugs and concurrently find out how to detect vulnerabilities in PHP code and Bash scripts.

Read full article →

Ultimate guide to Metasploit: how to use the renowned pentesting framework

Written by RalfHacker

As you are likely aware, Metasploit is the most acclaimed exploitation and post-exploitation framework in the world. Even if you don’t use it, you had definitely encountered numerous references to Metasploit in our materials. In this article, I will give a brief overview of this framework, explain how our security team uses it, and provide some practical tips.

Read full article →

Ultimate guide to PowerShell Empire: from installation to persistence in the target system

Written by RalfHacker

Empire is a popular post-exploitation tool for Windows, Linux, and macOS. This article addresses all key aspects of this framework, including its most frequently used functions. Even if you are a seasoned pentester, you will likely find something new and useful in this material.

Read full article →

Duck tales. How to create a wireless analogue of Rubber Ducky

Written by Candidum

Hackers and pentesters consider BadUSB an efficient attack vector; it emulates the keyboard and performs operations on the attacked computer under the disguise of user input. Such attacks are very difficult-to-detect because neither the OS nor antiviruses suspect the keyboard of any wrongdoing. Today, I will show how to create your own BadUSB tool – a wireless device looking like a memory stick.

Read full article →